Banking on the future, its time for OAuth in the banking industry.
Accessing bank information like statements and account balances programmatically is a difficult and risky problem.
Financial applications like Xero, Pocketbook, ANZ money manager involve giving your full access credentials to these companies. The security risk this imposes is high, each company you give this information to, the more opportunities hackers have of accessing your credentials.
Innovation around the finance industry is at an all time high pushing the boundaries of what the banks are currently providing.
Enter OAuth... Its been around since 2007 and Twitter and Google have their services fully intergrated with it. This allows trust between two companies connected by the users authorisation.
This implementation allows for the following scenarios:
- What specific bank accounts is the application requesting access to.
- What level of access (Read only, Transfer between accounts, External payments)
- Management of authorised companies from the banking website
- No need to share your full access credentials for your bank.
Typically the companies that do provide this kind of service have high costs of maintainin the security and scraping of your data from the banks sites. With a model that is a free secure connection, this allows for an influx of new and cost effective applications to help manage your banking faclilties.
While OAuth and API access is the end answer to the fast secure sharing methods for developers, there are many steps banks can take to forward the security level with already existing screen scraping technologies. EG: Having the ability to create sub accounts with specific access levels, these credentials can then be handed to pocket book for secure read only access.
Xero is also taking steps to have banks contact them to talk about the level of integration they can offer: http://www.xero.com/au/financial-institutions/ "Be the bank your customers want you to be"
This petition is my way of having banks realise that customers want access to this now, the access to have this happen is that each person use their bank's feedback forms asking for this kind of ability and to sign the partition. You can use the letter below as a copy and paste.
For companies: We are asking for you to create your own way of sturing up the community, to ask your user groups to contact their banks directly and having them ask for this kind of access, we want the next level of banking today.
* Video thanks to Open Bank Project who helps banks add OAuth.
- Financial Institutions
As a customer I would like to use financial software to integrate into my transactional data. As my financial institution I request you provide a more secure API level of access EG: OAuth and API services to securely share my data with companies I trust. In a way that I can still control who gets access to my data from my online banking page.
I see you as a leader in the banking industry. Its why I have my accounts with you. This level of secure access would allow me to use the latest technology and software that gives me meaningful ways of viewing my data.
Today: Clint is counting on you
Clint Davis needs your help with “Banking on the future, its time for OAuth in the banking industry.”. Join Clint and 28 supporters today.